af8e2df90f2929bf069d9a3e962f3050_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

af8e2df90f2929bf069d9a3e962f3050_NeikiAnalytics.exe
Size

495KB
MD5

af8e2df90f2929bf069d9a3e962f3050
SHA1

29a16f1bfcf00f4f2fcd9b016d559118fe7d2def
SHA256

0b4351b4eccee9478e9fae5e2beb3ec4cd0ef9070ef9fcb594da885bcc5115e8
SHA512

71ec5e8da3cce9dc0834888d017d42b3894015f7bb6a730a3423e62da135d11d20c89ea528df7321c6213781c66d4ac831a83bf09338b7aa3804c32813c1d544
SSDEEP

12288:cSJl2JUhzosOU23YkCapCbdn9LQGW6pUPk8LbgYiM:jkJUhzosKIkCa459QKBsj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af8e2df90f2929bf069d9a3e962f3050_NeikiAnalytics.exe

Files

af8e2df90f2929bf069d9a3e962f3050_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

c2d75ece1069cc7ed1d425f91ecfe137

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Nppdf32.pdb

Imports

uxtheme

SetWindowTheme

kernel32

SetLastError
GetModuleFileNameW
OutputDebugStringA
ExitThread
CreateThread
CreateEventA
InitializeCriticalSection
GetTempFileNameA
GetTempPathA
OpenFile
GetModuleFileNameA
DeleteFileA
CopyFileA
OpenMutexW
WriteFile
SetNamedPipeHandleState
lstrlenW
GetVolumeInformationW
GetTickCount
FreeLibrary
LoadLibraryExA
GetTempPathW
GetLongPathNameW
GetVersionExW
GetLastError
DeleteCriticalSection
TerminateThread
SetEvent
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
ResumeThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
DecodePointer
EncodePointer
CreateMutexW
WaitNamedPipeW
TransactNamedPipe
GetFileType
GetVersionExA
SetThreadPriority
HeapCreate
lstrcpyW
HeapDestroy
CreateSemaphoreA
GetCurrentThreadId
CreateProcessW
OpenProcess
GetExitCodeProcess
FindFirstFileW
FindClose
CallNamedPipeW
GetCurrentProcess
QueryPerformanceCounter
CreateDirectoryA
CreateFileA
SetFilePointer
GetLocalTime
RaiseException
InterlockedExchange
LocalAlloc
Sleep
WaitForSingleObject
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
CreateFileMappingA
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
MapViewOfFile
ReadFile
OpenFileMappingA
CreateFileW
GetFileSize
CloseHandle
FlushViewOfFile
UnmapViewOfFile
IsDebuggerPresent

user32

PostMessageW
GetMessageW
LoadMenuA
GetDesktopWindow
GetWindowLongA
ShowScrollBar
EnumWindows
IsChild
GetFocus
SetCursor
GetForegroundWindow
SetWindowRgn
GetClientRect
ShowWindow
SendDlgItemMessageA
GetSubMenu
ClientToScreen
GetWindow
CallWindowProcA
SetWindowLongA
GetWindowThreadProcessId
GetParent
GetPropA
RemovePropA
SetPropA
LoadStringW
LoadStringA
DestroyCursor
LoadCursorA
SetTimer
KillTimer
MessageBoxA
SetFocus
GetWindowRect
SetWindowPos
TranslateMessage
DispatchMessageA
CreateDialogParamA
GetMessageA
PostMessageA
GetClassNameA
PeekMessageA
RemovePropW
DestroyWindow
IsWindowVisible
GetWindowRgn
SetPropW
EndDialog
DefWindowProcA
GetPropW
InvalidateRect
UpdateWindow
IsWindow
SendDlgItemMessageW
SystemParametersInfoA
GetDlgItem
SendMessageA
FindWindowA
RegisterWindowMessageA
CreateWindowExW
GetAncestor
wsprintfW
WaitForInputIdle
GetActiveWindow
FindWindowW
MsgWaitForMultipleObjects
PostQuitMessage
DispatchMessageW
IsWindowUnicode

gdi32

CreateRoundRectRgn
CreateSolidBrush
SetBkColor
SetTextColor
GetStockObject
FillRgn
CreateRectRgn
Escape
GetDeviceCaps
DeleteEnhMetaFile
PlayEnhMetaFile
GetEnhMetaFileA
LPtoDP
DeleteObject

advapi32

RegEnumKeyExW
OpenProcessToken
GetTokenInformation
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance

msvcp100

?widen@?$ctype@G@std@@QBEGD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_BADOFF@std@@3_JB
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Container_base12@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??0_Container_base12@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z

msvcr100

_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_lock
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
memcpy
memmove
wcslen
memcmp
strlen
memset
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
strcpy
setlocale
_purecall
swprintf_s
localeconv
strncmp
wcsncpy_s
strchr
strrchr
strstr
vsprintf_s
_set_invalid_parameter_handler
strcmp
strcpy_s
sprintf_s
strcat_s
??_V@YAXPAX@Z
_itoa
malloc
free
_strnicmp
tolower
sscanf
_stricmp
_unlink
fopen
tmpfile
fclose
fseek
fread
fwrite
_onexit
_mbscmp
??0exception@std@@QAE@ABQBDH@Z
calloc
memchr
towlower
memcpy_s
memmove_s
_wcslwr_s
wcsncmp
_wcsnicmp
wcstol
iswdigit
_wassert
_wcsicmp
_waccess_s
fwscanf_s
_wfopen_s
_wsplitpath_s
_itow_s
_vsnprintf_s
_snwprintf
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_wcsdup
wcsrchr
wcsstr
_wputenv_s
wcsncat_s
wcscat_s
_wgetenv
wcscpy_s
wcstok_s
_wtof
_wtol
_time64
_wmakepath_s
_snwprintf_s
wcscat
_vsnprintf
_unlock
__dllonexit

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

SHGetFolderPathA

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
NP_AcrobatProtectedInitialize
NP_ApolloEntry
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2d75ece1069cc7ed1d425f91ecfe137

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

kernel32

user32

gdi32

advapi32

ole32

msvcp100

msvcr100

version

shell32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 294KB - Virtual size: 296KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 294KB - Virtual size: 296KB